Data privacy in the mobile ad-hoc network is a problem due to the wireless
medium, frequent node movement and the lack of any centralized infrastructure
support. In such a case, it is very important to build a reliable and secure
network and achieve high throughput in MANET. The reliability and security
of a network depend on whether the network remains connected under different
failures and malicious activities, which is the fundamental issue that needs to
be addressed when designing a secure routing protocol in MANET. This paper
proposes an effective privacy mechanism to handle data security through a
novel secure session key exchange model, which provides node data
privacy and network stability for a longer period of time and prevents
abnormal behavior changes due to malicious behavior and different types of
attacks in the network. The simulation results show improvement in
throughput with nominal overhead and end-to-end delay in different
malicious conditions against existing protocols.

1. INTRODUCTION

Mobile ad hoc networks benefit greatly from wireless communications because of their 
infrastructure independence and the multi-hop nature of communications. However, this advantage poses a 
significant challenge to data security and privacy management, which affects secure data delivery in mobile 
ad-hoc networks because of high numbers of attacks and dynamic topology changes on wireless channels. At 
the same time, network stability is an integral part of reliable communication services. Since the operating 
range is not limited to the topology, it is likely to be intrinsically damaged. This is because it is very difficult 
to ensure temporary routing of this difficulty in order to preserve the "centralized policy" or "scheme" of the 
existing network. Various ad-hoc routing protocols [1], [2], [3], [4], [6] deal with security requirements, and
some of the proposals in the past have targeted high vulnerabilities in ad hoc networks. In addition to the
above difficulties, the resources of MANET impose major problems and constraints on security process
deployment. The AODV and DSR routing protocols are very efficient, but both are vulnerable to
various types of attacks.

In the past, several routing protocols have been proposed [1], [6], [7], [10], [12] that are well suited
to the dynamic characteristics of ad-hoc networks. Nevertheless, these routing protocols assume security and
believe that all nodes in the environment are supportive and trustworthy. This assumption is not valid.
It is almost impossible to maintain such prerequisites on a real network in view of potential node
malfunctions and random failures. For example, a rogue node may decline to pass control or data packets to
another node in order to conserve its resources, and it can initiate a denial of service (DoS) attack and
interfere with normal communication procedures. Many studies have been performed to characterize various
node malfunctions and to assess their impact on network performance. However, little research effort has been
made to analyze how much they affect a node's personal information during data communication.

In this paper, we propose an effective Data Privacy Mechanism (DPM) through a Secure Session Key
Exchange (Sskey) Model to establish node privacy during data communication. It contributes a distinct
Sskey for each data route between source and destination for private data communication. It provides a
secure communication method that uses "symmetric encryption" and "authentication routing" to protect
messages. It protects the data with a unique, trusted encryption key that is generated using a trusted path.
This has the advantage of improving QoS by minimizing high "throughput" and "end-to-end delay" in
low-cost routing constraints. The objective of this paper is to secure an existing ad-hoc routing protocol, AODV
[11], by extending it so that non-malicious nodes can distinguish and segregate malicious nodes
from the network so that they cannot interrupt the network. In this paper, to overcome these vulnerability
problems, we evaluated the existing "AODV, S-AODV [15], EAACK [9] and FACES [8]" protocols. In
Section 2, we describe related works that provide an overview of secure routing protocols. The efficient
data privacy mechanism is proposed in Section 3, Section 4 discusses the privacy analysis, Section 5 presents
the results of the evaluation, and Section 6 discusses the conclusions.


2. RELATED WORKS 

Ensuring the security and privacy of messages in routing is a primary concern in AODV routing [11].
An efficient authentication mechanism is needed to ensure a secure message exchange between the sender
and the receiver. AODV is a responsive routing protocol that configures routes as needed, which
keeps network overhead low, and it utilizes a default sequence number to prevent routing loop
attacks. Mainly, three forms of messages are exchanged for communication: "RREQ", "RREP", and "RRER"
[4]. Each node in the path broadcasts an RREQ and verifies the sender serial number of the RREQ message
against the information accumulated in the routing table. If it is a new request, it must be updated in the routing
table to prevent routing loop vulnerability attacks. In addition, many other vulnerability attacks, such as
"spoofing", "denial of service", and "message tampering", are serious problems with the AODV protocol.
Many secure ad hoc routing protocols have been presented for mobile ad-hoc routing [7], [9], [10], [20], [21],
[23] because of the high security vulnerabilities caused by its openness and communication environment.

Since we extend the features of AODV [11] in this work, we describe its mechanism to understand
its advantage in dynamic routing. It is a reactive routing protocol for mobile ad hoc networks that constitutes a
route on demand [26]. It utilizes sequence numbers to provide minimum network overhead and avoid
routing loops. To perform maintenance and communication control, it exchanges the standard
"RREQ", "RREP", and "RRER" messages. Each node maintains an individual routing table to route data
packets to the target node. But it does not secure its route data and messages, which is a major cause of data
loss in AODV. It needs a secure authentication mechanism to protect sender and recipient messages. During
route request broadcast, every node checks the sender "sequence number" of the "RREQ message"
against the information stored in the routing table. For route responses, instead of checking
the sender "sequence number", it confirms the destination node "sequence number" and continues restructuring
the routing information. All vulnerability attacks result in a routing loop or packet loss. In addition, "routing
message fabrication", "spoofing" and numerous other attacks have a severe impact on the AODV protocol.

Zapata et al. [13] propose an authentication mechanism, Secure-AODV, to secure intermediary
nodes from malicious and illegal identity spoofing activity. It also discusses the securing
process for "modify the number of hops count" and "route fabrication" error messages. The mechanism is an
addition to the AODV protocol supported by "public key cryptography" to give routing security. It mostly
ensures integrity and reliability through digitally signed routing and control messages. Each time a node
generates a routing message, it signs it with a "private key"; the node receiving this information verifies and
authenticates the signature using the "sender's public key". A mechanism supported by a "hash chain" is used
to protect it. The larger symmetric encryption used for digital signatures produces long messages. Each time
the intermediate node receives a message, it has to verify the "signature" for authentication. Using double
signing mechanisms for message verification creates a higher load on the network.

S. K. Dhurandher et al. [8] proposed "Friend based Ad hoc routing using Challenges to Establish
Security (FACES)" to offer secure communication in MANET routing. It defines a method for building a
secure network based on a list of friends who share a list of nodes in a friend network. Every node
periodically executes a process to retrieve a list of shared friends, creating a friend's node responsibility.
Based on this periodic update, malicious nodes can be easily removed from the network. This approach
does not need to observe neighboring transmissions for node reliability assessment. The disadvantage of this
proposal is high "end-to-end delay" because of the computational overload and malicious behavior of the
friend node, which can affect the entire friend list, communication, and network stability.

Int J Elec & Comp Eng, Vol. 8, No. 5, October 2018 : 3267 - 3277
Int J Elec & Comp Eng ISSN: 2088-8708

M. S. Elhadi et al. [9] proposed an "intrusion detection system" known as "Enhanced Adaptive
Acknowledgment (EAACK)" for MANETs. This work mainly focuses on the "packet drop attack", which is a
security threat in MANET. It tries to prevent an attacker from attempting a fake acknowledgment attack
by involving a digital signature. This paper proposes an effective data privacy mechanism protocol to overcome
the above observations in the routing privacy of AODV and other secure routing protocols, and presents an
evaluation comparison with the "AODV", "S-AODV", "EAACK" and "FACES" secure routing protocols.


3. PROPOSED DATA PRIVACY MECHANISM 

An ad-hoc routing protocol node exchanges information with neighboring regions and configures a
network for routing data packets to the required destination. An "external attacker" typically introduces
incorrect routing information into the route by repeating preceding routing messages or modifying applicable
routing information, which ultimately breaks the network. Internal attacks can cause serious damage because
the node does not meet its initial commitments. These nodes can easily alter the local view of the
network by sending incorrect information. In general, it is very complicated to recognize an internal intruder,
as these nodes are included in the network due to their security credentials.

The proposed Data Privacy Mechanism (DPM) intends to target both internal and external
type-specific attacks to provide the highest level of privacy. The DPM approach can identify and enforce the
necessary precautionary measures by implementing a secure privacy mechanism for both route discovery and
data routing. It utilizes a trusted third-party (TTP) certificate that consists of all the initial required keys to
protect the private information from internal and external attackers.


3.1. Privacy Model 

The privacy model consists of three secure process mechanisms to establish the data privacy mechanism,
as shown in Figure 1. Here the source node initially obtains the TTP certificate to participate in the
communication. Later, to perform data communication, it builds a secure route through the route discovery
process utilizing the DP mechanism. It utilizes the discovered data route for data routing along with privacy
maintenance.

Figure 1. Data privacy model


3.2. Data Privacy Mechanism 

This section discusses the privacy mechanisms shown in Figure 1. It categorizes the
mechanism as 1) "Acquiring TTP Certificate", 2) "Secure Route Discovery Privacy" and 3) "Secure Data
Routing Privacy" for secure data routing and achieving quality of service.

3.2.1. Acquiring TTP Certificate

Establishing secure communication between network nodes is the hardest part in MANET. Due to
its constraints and characteristics, it is challenging to utilize predefined architectures for security.
In most secure routing protocols, the operations related to privacy and key distribution were not
properly handled. The previous secure routing protocols related to secure routing and key distribution are not
the best due to computation overhead and storage. The "group key exchange" mechanism described
in [21] can be a simplified solution for the overhead of secure routing between the source and the
target node.

The mechanism of group key distribution is based on strong key sharing, which is an effective
mechanism in the case of high mobility behavior where nodes participate and move very often.
Asymmetric-encryption-based security associations between nodes are discussed in [18] and [19], where
a TTP issues secure certificates to each individual node in the network. It is a secure and strong
process, as the distribution of certificates is done at a single point. However, if malicious nodes are already
in the network, then a vulnerability attack can intrude on the certificate or gain a loaded certificate and can easily
acquire the identification of the new node, causing insecurity to the node and network stability.

In this data privacy mechanism, we distribute certificates with initial secure connections between the
nodes. This certificate comes from a "trusted certification authority (CA)" and must be loaded on
every node before connecting to the network. It is an "offline process" in which every node must present its
own identity to the "CA" to acquire the certificate. In this approach, if any node attempts to own
an "invalid certificate", it can be easily recognized and legally made inaccessible. The certificate offered by
the "CA" for a node N will consist of "CA public key as CApub_key", "node address as Nadd", "public key
as Npub_key" and private key as "Npvt_key". It can be represented as shown below,


$C_N = ENC_{CA_{pkey}}(N_{add}, N_{pub\_key}, N_{pvt\_key}, CA_{pub\_key})$ (1)


We require all applicable nodes in the network to obtain this "CN Certificate" prior to connecting to the
network.


3.2.2. Route Discovery Privacy

To perform route discovery with privacy, we extend the "AODV" [11] route discovery mechanism
and integrate the privacy mechanism. The discovery process is performed in 5 steps.


Algorithm 1: Secure Route Discovery Mechanism

Initialization of route request RREQ by Source Node, SN → Start_RREQ(SN_rreq)

Method-1: Start_RREQ(SN_rreq)

    SN execute DH Algorithm to generate a "Session Key" → SA_skey
    SN create msg signature through Eypt_SAH1(Msg) → SA_sign
    SN create broadcasting msg through Eypt(Br_Msg)_CApub_key → E_br_msg
    SN create Eypt([SA_sign, E_br_msg, SA_skey, DN_add, P, T_stamp])_CApub_key → B_rreq
    SN broadcast generated B_rreq for the intermediate nodes as I_i in the network.

    while each address of I_i ≠ DS_add then
        I_i execute Dypt(B_rreq)_CApvt_key → [SA_sign, E_broad_msg, SA_skey, DN_add, P, T_stamp]
        I_i execute Dypt(E_br_msg)_CApvt_key → Br_Msg
        I_i execute Eypt_SAH1(Br_Msg) → IA_sign
        If Compare_authSign(IA_sign, SA_sign) == 1 then
            If Compare(Br_Msg, 'RREQ') == 1 then
                If Compare(I_i_add, DN_add) == 1 then
                    Update SN SA_skey in destination route table → DR_Table
                    Start_RREP(DN_add);
                Else
                    I_i update its address to P → Update(B_rreq, I_i) → NB
                    I_i Eypt(NB)_CApub_key → B_rreq
                    I_i broadcast generated B_rreq in the network.
                End if
            End if
        End If
    End while

Method-2: Start_RREP(DN_add)

    DN execute DH Algorithm to generate a "Session Key" → DA_skey
    DN create msg signature through Eypt_SAH1(Msg) → DA_sign
    DN create reply msg through Eypt(Rep_Msg)_CApub_key → E_rep_msg
    DN create Eypt([DA_sign, E_br_msg, DA_skey, SN_add, P, T_stamp])_CApub_key → B_rrep
    DN unicast B_rrep through the path recorded in P to reach DN.

    while each address of I_i ≠ SN_add then
        I_i execute Dypt(B_rreq)_CApvt_key → [DA_sign, E_broad_msg, DA_skey, SN_add, P, T_stamp]
        I_i execute Dypt(E_br_msg)_CApvt_key → Br_Msg
        I_i execute Eypt_SAH1(Br_Msg) → IA_sign
        If Compare_authSign(IA_sign, DA_sign) == 1 then
            If Compare(Br_Msg, 'RREP') == 1 then
                If Compare(I_i_add, SN_add) == 1 then
                    Update DN DA_skey in source route table → SR_Table
                Else
                    I_i get route P from Br_Msg → R
                    I_i get next hop node from R → N_hop
                    I_i unicast B_rrep to N_hop
                End if
            End if
        End If
    End while


In step-1, the source prepares secure RREQ packets encrypted using CApub_key; in step-2, it broadcasts the
encrypted RREQ message in the network and waits for the reply from the destination; in step-3, the intermediate
node rebroadcasts the RREQ message; in step-4, the destination node creates a session key, Sskey, and creates the
route reply (RREP) message; and finally, in step-5, the destination sends the secure RREP message to the source.
On receiving the RREP from the destination, the source updates the path in its routing table along with the
session key for that path.

Algorithm-1 provides the secure route discovery process used by DPM for route discovery. It
describes the above functionality in two methods. Method-1 describes the mechanism of RREQ
broadcasting by the source and the functionality of intermediate nodes, and Method-2 describes the mechanism of
the destination node on arrival of the RREQ and the RREP to the source.


3.2.3. Data Routing Privacy 

Data routing is the next process after the source node completes the secure route discovery process.
Each node in the route maintains its previous and next hop details for data routing to the
destination. Mostly, the source node transmits the data through the most favorable and shortest route based on the
routing table, and in the case of the AODV protocol it preserves only one path from the source to the
destination. In this mechanism, we retain this feature of AODV to lower routing overhead. It secures the data
packets before sending using the unique destination session key provided by the destination node. Using the
destination's unique session key, the source initially generates a secret key, SCKey. Let DSKey be the
unique session key from the destination, which is generated using a DH algorithm.

The data to be transmitted to the destination is encrypted using the generated SCKey; as the
decryption key is already available at the destination, it decrypts the received data efficiently. This mechanism
is illustrated in Algorithm-2. Here, the functionality of data routing is performed in two methods.
Method-1 describes the steps for secret key (SCKey) generation, data encryption and data transmission,
whereas Method-2 describes the steps for generating a unique secret key, SCKey, using DSKey and data
decryption on receiving. It also creates the secure DELV_ACK message for the reply on successful data
packet delivery.

Algorithm 2: Secure Data Routing Mechanism

Initialization of data transmission by Source Node, SN → StartDataTx(DN_add, Seq_No)

Method-1: StartDataTx(DN_add, Seq_No)

    SN read routing path from routing Table → R
    SN read secure destination key → DA_skey
    Create distinct key for data encryption using DA_skey → UA_key

    For (t=0, t<number_of_pkt, t++) loop
        Data packet to transmit → DP_t
        SN create secure data packet using UA_key → Eypt(DP_t, UA_key) → E_p
        SN transmit the E_p to its next hop in its R.
        while (ACK_Time ≠ 0) then
            If (Received E_p) then
                SN read secure destination key → SA_skey
                Create distinct key for data encryption using SA_skey → UA_key
                SN decrypt E_p using UA_key → Dypt(E_p, UA_key) → D_msg
                If (compare(D_msg, "DLV_ACK") == 1) then
                    End While;
                    Transmit next data packet → StartDataTx(DN_add, Seq_No);
                Else if (ACK_Time ≠ 0) then
                    Re-transmit next data packet → StartDataTx(DN_add, Seq_No);
                End If
            End If
        End While
    End For

Method-2: RecieveData(E_m, pkt_seq_no)

    Destination node D on receiving the data packets,

    D gets its own Session Key → D_skey
    D generate unique Secret key using D_skey → SC_key
    D decrypt the data packets using SC_key → Decrypt(E_m, D_skey) → D_m

    D gets its Source Session Key → S_skey
    D generate unique Secret key using S_skey → SC_key
    D decrypt the DELV_ACK message using SC_key → Decrypt(DEL_ACK, D_skey) → E_m
    D sends secure acknowledge E_m back to source.




4. PRIVACY ANALYSIS 

The path discovery process must discover paths through intermediate node collaboration. An attack
on a route through a "Route fabrication attack" can result in modification of path messages. To
provide a solution to this attack, DPM uses TTP public keys to encrypt messages. The "Route cache
poisoning attack" incorrectly routes a node to the wrong path. This attack is handled by implementing
different private keys at both the origin and destination. The malicious node does not affect the route cache,
which can transmit the incorrect route; each first route request message is very secure and protected by the
"private key" and the node's "public key" for the regular route message security. "DoS" or "packet
dropping" is another issue in route discovery and does not interfere with the discovery mechanism until a
non-malicious node is presented in the network. To prevent this, DPM requires each contributing node to
have an "ID" and a valid "TTP certificate". We investigate possible attacks [23] on route discovery and
routing and the countermeasures taken by DPM to protect routing in mobile ad-hoc networks [27], [28].


4.1. Attacks on Route Discovery Process 

a. Message Fabrication: The route discovery procedure requires intermediate node collaboration to discover
routes to the destination. Attacks on intermediate nodes can lead to modification of route messages. To
prevent "message fabrication", DPM encrypts path messages symmetrically and asymmetrically and
encrypts them by means of the node "public key". This new contribution gives additional protection
against attackers on the path performing path message fabrication.

b. Cache Poisoning: This type of attack guides the node to route data to the wrong path. DPM handles
this attack with trusted keys, available at both source and target nodes. If a malicious node broadcasts an
invalid route, it will not affect the "route cache". First, every route request message is protected by a
trusted key and a node public key, and later it is secured utilizing the "unique secret key" that is
completely independent of the normal route message.

c. DoS in Discovery Process: Denial-of-service (DoS) in path discovery or packet loss is an unreceptive
malicious characteristic that does not interfere with the discovery procedure. To prevent this category of
behavior, DPM makes certain that each included node has a valid and trusted "CA certificate".


4.2. Attacks on Data Routing Process 

a. Data Packet Fabrication: During data communication, an intermediate node is able to inject a "false
route" by changing the data packet to reduce throughput. DPM handles data packet fabrication by
encrypting data packets using a secret key that is unique during routing. Together the source node and the
destination node generate a "unique secret key" that is used to transmit data packets and to notify the
acknowledgment messages.

b. Data Packet Dropping: Dropping data packets is a general behavior of malicious nodes that affects
network QoS. The proposed DPM prevents this attack through authentication of a trusted CA certificate
for each node, which is a necessity for joining the network.
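
The data routing of Algorithm 2 and the data packet fabrication case of Section 4.2(a), as an added Python sketch that is not the paper's implementation. It assumes the session keys carried in RREQ/RREP are Diffie-Hellman public values, an encrypt-then-MAC packet layout, a demonstration-only DH group, and constructed node names and payload; all function names are hypothetical.

```python
# Added illustration, not the paper's code. Items marked ASSUMPTION are not
# specified on the page.
import hashlib
import hmac
import secrets

# ASSUMPTION: demonstration-only DH group (2**521 - 1 is a Mersenne prime).
# A deployment would use a standardized group or an elliptic-curve exchange.
P = 2**521 - 1
G = 3
DATA, ACK = b"D", b"A"  # packet kinds, bound into the MAC


def dh_keypair():
    """Return (private, public); the public value plays the SA_skey/DA_skey
    role carried in RREQ/RREP (ASSUMPTION)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def route_keys(own_priv, peer_pub, route):
    """Derive the per-route encryption and MAC keys (UA_key / SC_key role)."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate DH public value")
    shared = pow(peer_pub, own_priv, P).to_bytes(66, "big")
    # Binding the recorded path P into the derivation gives each route its own key.
    okm = hmac.new(shared, b"DPM-route|" + b"|".join(route), hashlib.sha512).digest()
    return okm[:32], okm[32:]


def _keystream(enc_key, nonce, length):
    # ASSUMPTION: HMAC-SHA256 in counter mode stands in for the unspecified
    # symmetric cipher so the sketch needs only the standard library.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(keys, kind, seq_no, payload):
    """Encrypt-then-MAC one packet: the Eypt(DP_t, UA_key) -> E_p step."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    header = kind + seq_no.to_bytes(4, "big") + nonce
    body = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, nonce, len(payload))))
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def unprotect(keys, kind, expected_seq, packet):
    """Return the plaintext, or None if the packet is forged, altered,
    of the wrong kind, or carries an unexpected sequence number."""
    enc_key, mac_key = keys
    if len(packet) < 21 + 32:
        return None
    header, body, tag = packet[:21], packet[21:-32], packet[-32:]
    expected_tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None
    if header[:1] != kind or int.from_bytes(header[1:5], "big") != expected_seq:
        return None
    keystream = _keystream(enc_key, header[5:], len(body))
    return bytes(a ^ b for a, b in zip(body, keystream))


def demo():
    route = [b"SN", b"I1", b"I2", b"DN"]  # constructed path P
    payload = b"constructed CBR payload"
    sn_priv, sa_skey = dh_keypair()
    dn_priv, da_skey = dh_keypair()
    sn_keys = route_keys(sn_priv, da_skey, route)  # source side (Method-1)
    dn_keys = route_keys(dn_priv, sa_skey, route)  # destination side (Method-2)

    e_p = protect(sn_keys, DATA, 7, payload)
    forged = bytearray(e_p)
    forged[25] ^= 0x01  # intermediate node flips one ciphertext bit
    ack = protect(dn_keys, ACK, 7, b"DLV_ACK")
    return {
        "delivered": unprotect(dn_keys, DATA, 7, e_p),
        "tampered": unprotect(dn_keys, DATA, 7, bytes(forged)),
        "replayed": unprotect(dn_keys, DATA, 8, e_p),
        "reflected": unprotect(sn_keys, ACK, 7, e_p),
        "ack": unprotect(sn_keys, ACK, 7, ack),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Encryption alone would not expose the flipped bit; the MAC over header and ciphertext is what turns a fabricated packet into a detectable failure rather than silently corrupted data.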


5. EXPERIMENTAL EVALUATION 

The experimental evaluation supposes that both "internal" and "external" malicious nodes
occur in the network. Nevertheless, it is also believed that the majority of nodes in the network are trusted. We
utilize node "public key cryptography" to look after the network security, using symmetric encryption for data
transmission and messaging against external and internal attacks. The simulation is made using the
Glomosim Simulator, which provides a scalable and configuration-driven evaluation. The proposed DPM is
deployed in this simulator and evaluated against the configured parameters, and is also compared with the results
of "AODV [11], S-AODV [13], EAACK [9] and FACES [8]".


5.1. Network Setup 

This section discusses the set of parameters required for the simulation of the protocol. The simulation
is executed in a "Random Way Point (RWP)" model with mobility changes from "10 m/s to 100 m/s". The
simulation is carried out in two scenarios. In the first scenario, communication is made without malicious nodes
in the network, whereas in the second scenario it is made with 40% malicious nodes. The required parameters for the
simulation are shown in Table 1.


An Effective Data Privacy Mechanism through Secure Session Key Exchange... (K.Ramesh Rao) 




Table 1. Simulation Parameters

Configuration               Values
Simulation Area             1200m X 1200m
CBR Rates                   4 pkts/sec
Packet Size                 512 bytes
Source-Destination Pairs    20
Pause Time                  25 sec
Mobility                    RWP
Mobility Speed (m/s)        10, 20, 40, 60, 80, 100

In the route discovery phase, every node is authenticated by means of a CA certificate, and they all
behave like normal and secure nodes. To create the impact of malicious behavior, 40% malicious nodes are
configured for data routing during simulation.


5.2. Experimental Results 
5.2.1. Throughput

The throughput performance comparison is shown in Figure 2(a) and Figure 2(b). All protocols
illustrate related results in comparison. In the case "without malicious nodes," every protocol shows
similar results and deteriorates with increasing mobility. But in the case of "40% malicious nodes,"
DPM performs better than the others. This is due to effective data packet securing. The malicious node is unable to
decrypt the message because it is protected by the unique secret key, which prevents unwanted
fabrication and supports better throughput. DPM shows an average improvement in the case without
malicious nodes due to its cryptography overhead, and in the case with malicious nodes it shows a 25% better
throughput compared to other protocols.


[Plot: Throughput (Absence of Malicious Node) versus Speed (m/s), 10 to 100; series: DPM, AODV, FACES, S-AODV, EAACK]

Figure 2(a). Throughput comparison without malicious nodes

Figure 2(b). Throughput comparison with 40% malicious nodes


5.2.2. End-to-End delay

The end-to-end delay performance comparison is shown in Figure 3(a) and Figure 3(b). In the case
without malicious nodes, all protocols show a similar rate of delay up to 40 m/s mobility, but with increased
mobility, they all attain high delay due to frequent link failure. However, in the case with 40% malicious nodes,
DPM and FACES show less delay in comparison to other protocols, as both implement the certificate
acquisition process, which allows safe and secure identification of nodes and supports minimizing packet
loss and end-to-end delay.


[Plots: End-to-End Delay (Absence of Malicious Node) and End-to-End Delay (Presence of Malicious Node) versus Speed (m/s), 10 to 100; series: DPM, AODV, FACES, S-AODV, EAACK]

Figure 3(a). End-2-end delay comparison without malicious nodes

Figure 3(b). End-2-end delay comparison with 40% malicious nodes


5.2.3. Control Overhead 

The control overhead performance comparison is shown in Figure 4(a) and Figure 4(b). Here, in the
case of no malicious nodes, all protocols have similar distribution overhead, as all suffer from link failure
under high mobility conditions. In the case with 40% malicious nodes, a parallel increment of overhead is observed
for all up to 60% mobility due to security and authentication overhead, but DPM keeps the overhead
low, whereas other protocols result in higher overhead.


[Plots: Control Overhead (Absence of Malicious Node) and Control Overhead (Presence of Malicious Node) versus Speed (m/s), 10 to 100]

Figure 4(a). Control overhead comparison without malicious nodes

Figure 4(b). Control overhead comparison with 40% malicious nodes


6. CONCLUSION AND FUTURE WORKS 


In this paper, we propose an efficient data privacy mechanism (DPM) for mobile ad-hoc networks
that protects routing mechanisms from internal and external attacks. It authenticates the route discovery
mechanism by securing the control messages using public key cryptography with symmetric encryption, and
uses unique session and secret keys to protect the data routing mechanism. Both mechanisms provide
security and quality of service, establishing the data privacy mechanism through acquiring a TTP certificate and
implementing privacy for route discovery and data routing. The experimental evaluation is made with and
without malicious nodes to compute the throughput, end-to-end delay, and control overhead. The
comparison result of DPM shows an average 25% satisfactory improvement in throughput, but it attains a bare
minimum delay higher than AODV due to its security mechanism computation, and it shows an average 20%
lower control overhead in comparison.